Information System for Document Management and Electronic Management of Investigation Files (SMDDA) for Digitizing Administrative Processes and Procedures of the Competition Council and Its Implementation
LOT-0001
The requested product is identified as a digital investigation set, in total quantity intended for analysis and investigation activities..
2.1 The software solution must have a modular architecture so that the blocking of some modules or the software interface does not interrupt the execution of other modules; 2.2 The solution uses a relational database to store, search, extract, recover, and report processed and indexed data; 2.3 The processing and analysis module supports multi-core and multi-thread, being capable of utilizing over 90% of the system's available resources; 2.4 The solution must allow data processing in a distributed manner, using 4 processing engines on 4 different systems at the same time; 2.5 The processing module allows cancel/restart functionalities for ongoing processes and email notifications upon completion; 2.6 The solution allows performing indexing, processing, and analysis operations on digital data stored on various types of storage media, such as: - Image types: EnCase (E01, L01, Ex01, Lx01), AFF, AD1, DD, DMG, SnapBack, Safeback, ICS, MS VHD, GHO; - Image types: ISO, IMG, BIN, TAO, DAO, MDS, CCD, CDI, CUE, NRG, CIF, VC4 - Image types: XRY, UFDR; 2.7 The solution recognizes and analyzes file systems such as: - FAT12, FAT16, FAT32, exFAT, NTFS, ReFS (Windows 8 and Server 2012), HFS, HFS+, Ext2FS, Ext3FS, Ext4FS, CDFS, ReiserFS 3, VxFS; - For each NTFS file system where VSC (Volume Shadow Copy) is detected, the analysis stage will provide the following options: - Individual selection of VSCs. - Add selected VSCs in complete form - Differential addition of selected VSCs (the current NTFS version will be complete, and the VSCs will be included as a difference) - Differential addition of selected VSCs (the oldest VSC will be complete, while the remaining VSCs and the current NTFS version will be included as a difference). 2.8 Recognizes, analyzes, and can decrypt fully encrypted disks (WDE), such as: AFF, PGP, Credant, SafeBoot, JFS, VMWare, UFS1, Ultimaco Safeguard, Guardian, EFS, LVM, LVM2, AppleFileVault 1 and 2, Bitlocker, etc. 2.9 Recognizes, analyzes, and can decrypt encrypted files, such as: Bitlocker (Win Vista, 7,8), Checkpoint/PointSec R73 7.4.5, Checkpoint 7.6.150, McAfee Endpoint Encryption 5.x and 6.0, Safeguard Easy 4.40.9 and Enterprise 5.40 and 5.50, etc.; 2.10 Indexes, processes, and analyzes multiple types of files with complex structures, such as: - Email containers: PST, OST, NSF, MSG, P7M, ICS, VCF, MBOX, EML, EMLX, TNEF, DBX, Bloomberg XML; - Archive file types: 7Z, ZIP, TAR, GZ, BZ2, RAR, Z, CAB, ALZIP; - Office files: DOC, DOCM, DOTX, DOT, RTF, ODT, OPD, UPS, XLS, XLSM, XLSB, XLAM, XLTX, XLTM, XLS, SALA, XLM, ODC, UDS, UXDC, DBF, PPTX, PPTM, PPSX, POTX, POTX, POT, ODP; 2.11 The data processing module ensures the possibility of creating and using processing profiles, within which the processing parameters are established and configured by the user. 2.12 Predefined user profiles support import/export operations; 2.13 The software interface allows the creation and application of advanced filters and automatic classification of data; 2.14 The software interface must allow the user to view files in various ways, such as: native, text, hexadecimal, and filtered, etc. 2.15 The application natively supports processing and analysis of Internet browsing artifacts and includes an SQLite viewer; 2.16 The processing and analysis module of Internet artifacts also has a search engine and recovery from unallocated space (carving functions) for web applications, such as: Facebook, Google Drive, Google Chat, Skype, Dropbox, Torrent, etc.; 2.17 The software solution also supports other types of data, such as: - CSV files generated by Log2timeline; - Volume Shadow Copy; 2.18 Supports character recognition (OCR), with multiple OCR processing engines available, one of which is open source (e.g.: tesseract-ocr, etc.); 2.19 The software solution interface provides integrated structuring of processed and analyzed data into various categories, aiming to facilitate the visualization and/or quick identification of them, such as: - Exploration Mode, which allows viewing data as it was identified in the file structures attached to the case; - Overview mode, where identified files can be quickly viewed, categorized by file types with their numerical display (such as: known file types, extensions, labels associated with data of interest, email messages, user-marked files, etc.) or by categories related to their status (such as: encrypted, decrypted, files processed with OCR, deleted, duplicates, files from Recycle Bin, files identified in unallocated space (sculpted files), etc.); - Graphical mode, which provides easy access to identified files as image types - The Email module allows advanced viewing of email-type data to facilitate their analysis; 2.20 The software automatically generates a diagram/timeline representation of the processed and analyzed data; 2.21 The software includes a social visualization and analysis module (grouping data based on the frequency of events and relationships between them) of the processed and analyzed data, arranging them in various ways, such as: on an automatically generated timeline, through scatter plots or pie charts, on a map using geolocation data, etc.; 2.22 The software features a reporting module with support for customizing the structure and display of the data to be reported; 2.23 The software solution has a module for generating and attaching screenshots of reports within the software; 2.24 The reporting module must be able to export the indicated data and create links in the report to them; 2.25 The module allows integrated report generation in the following formats: HTML, PDF, XML, and RTF, etc.;
LOT-0002
The requested product is identified as a digital investigation set, in quantity intended for analysis and investigation activities from mobile devices..
2.1 The software solution must ensure the inclusion of detailed descriptions for all scanned mobile devices, as well as provide clear instructions regarding the scanning procedure. The system must allow automatic identification of device type, operating system version, detected applications, and other relevant information. 2.2 The software solution must scan data from SIM/USIM and memory cards: SMS/MMS messages (received, sent, deleted), message metadata (date, time, sender, recipient); call logs, address book, notes, tasks, calendar, browsing data, data and image files, location data, IMEI, IMSI information, the entire contents of the device's memory (memory dump), maximum recovery of deleted information and determination (where possible) of the security code. 2.3 The software must scan information about the network operator, model, version, software version, and serial number from mobile devices with iOS, Android, BlackBerry, and other operating systems. 2.4 The software must scan access tokens for cloud applications from smart devices to use them for data scanning in cloud applications. 2.5 The software solution will allow an unlimited number of analyses/investigations on the extracted or scanned data from mobile devices. There will be no limitations regarding the number of cases, analysis sessions, processed devices, or generated reports. 2.6 The software must allow the interpretation (decoding), analysis, and generation of classified reports on the memory data of the investigated mobile devices obtained through special scanning equipment, including but not limited to compressed files, full memory dump files, and backup memory files. 2.7 The software must allow the visualization of the content of files in hexadecimal format, reconstructing the information and the structure of the file system of the scanned mobile device, as well as decoding various types of data, including contact lists, instant messages, call logs, device identification information (IMSI, IMEI, ICCID codes) and data from various applications. 2.8 The software must support an extensive number of mobile device profiles and application versions (at least 30,000 different device profiles, 12,000 different application versions, and over 400 unique applications). The software must analyze the following applications installed on mobile devices with iOS and Android operating systems: ASKfm, Azar, BeReal, Badoo, Booking.com, Calendar, Calls, Chrome, Ctrip, Discord, Dropbox, Email, Email-iCloud, Expedia, Facebook, Facebook Messenger, Firefox, Gmail, Hangouts, Instagram, KakaoTalk, Line, Mega, Mail.Ru, Meet24, Notes, Safari, Skype, SnapChat, Session Private Messenger, Signal, Teams, Taxify, Telegram, TikTok, Tinder, Treads, Truecaller, Twitter, Uber, Viber, Whatsapp, Waze, WeChat, Wickr, Yahoo Mail, Zello. 2.9 The software must include a module for searching and recovering deleted information (including deleted images). 2.10 The software must include an SQLite interpreter for analyzing information. 2.11 The software must include functionalities for automatic classification of images based on advanced content analysis, used for prioritizing and filtering digital evidence (automatically grouping all identified images by their typology into categories such as: documents, ID documents with photos, bank cards, screenshots, handwritten notes, money, cars, etc.). The system must allow structured and automatic classification of images to facilitate the analysis and investigation of data. 2.12 The software must allow the identification and analysis of digital information associated with cryptocurrency usage, including but not limited to, wallet applications, cryptocurrency addresses and relevant metadata available locally on the investigated mobile device, including Coinbase Wallet, Metamask, BitPay, Trust Wallet, MyEtherWallet, etc. 2.13 The software must include an on-demand module for searching for viruses, spyware, trojans, and other malicious files. 2.14 The software must include a module for viewing by the creation date and time of the event. 2.15 The software must include an efficient module for creating reports on identified evidence, allowing selection of relevant files by marking them and generating separate reports based on the selection made. The generated reports must be viewable without using proprietary or paid software. The reporting module will allow export of reports in standard formats such as PDF, HTML, XML, Excel, Word, as well as in customizable formats (custom). 2.16 The software must include a separate module (by purchasing an additional license from the same manufacturer) for copying and analyzing data from user accounts stored on remote servers (cloud). The software should allow access to remote cloud data sources using authentication tokens obtained from mobile devices that support iOS and Android. Support for over 60 popular social media and cloud sources, such as: Facebook, Telegram, WhatsApp, Viber, Twitter, Gmail, AOL Mail, Dropbox, Uber, Skype, Instagram, TikTok, Line, LinkedIn, SnapChat messages, LinkedIn Public, Discord, Google Drive, etc., accessible using login data provided by users, cloud authentication tokens extracted from mobile devices or personal computers, scanned from personal files or other detection methods. 2.17 The software can use (by purchasing an additional license from the same manufacturer) additional methods